Posted
by
Soulskill
on Friday January 17, 2014 @09:34AM
from the really-just-a-misformatted-order-for-vodka dept.

angry tapir writes "The stolen credit card numbers of millions of Target shoppers took an international trip — to Russia. A peek inside the malicious software that infected Target's POS (point-of-sale) terminals is revealing more detail about the methods of the attackers as security researchers investigate one of the most devastating data breaches in history. Findings from two security companies show the attackers breached Target's network and stayed undetected for more than two weeks. Over two weeks, the malware collected 11GB of data from Target's POS terminals. The data was first quietly moved to another server on Target's network and then transmitted in chunks to a U.S.-based server that the attackers had hijacked. Logs from that compromised server show the data was moved again to a server based in Russia starting on Dec. 2."
A related article at Wired points out that Target suffered a similar breach in 2005, and apparently didn't learn its lesson.

Considering that the terminals in question were running un-patched, net booted XP SP2 WinPE instances with an old Java 4 version, the fact that there were attack vectors should be a long ways from shocking.

Target doesn't really care. They had $100 million in cyber security insurance so most of the cost of this will be covered. AFA the public not trusting Target, well, it will pass quickly because the masses have a short attention span.

Most of us aren't big enough to tell the CC companies to go fuck themselves, and customers kind of require CC processing for online purchases. Many people have learned to stay the fuck away from things like paypal by this point. A business that can't take credit cards is a business about to cease to exist, or shouldn't really be called a business in the first place.

Traget outsourced IT operatations and field work is subbed out as well.

So maybe the IT people within the company that see the problems and may know how to fix them are so far apart form the people who work that team that they can't get stuff down or things are setup up that way so it's easier to sub work out vs locking stuff down and giving each Subcontractor there own logins / private email / info on the system.

Using common logins / just giving the info contractors who then giving that info out to the subcontracts is easier and makes it easier to change firms on each level. But then that info may not get changes / ends in the hands of non tech people who may not give it the security it needs.